Wednesday, September 14, 2011

Apple discontinues security updates for old Macs


Sad little Mac
Owners of Apple computers five or more years old, be warned: you're on your own, security-wise.

This was the warning aired by a security researcher who said Apple stopped releasing security updates for Macs with PowerPC G4 or G5 processors.

"Macs purchased as recently as 5 years ago are now left exposed to known security vulnerabilities," researcher Joshua Long said in a blog post .

"Apple should consider supporting Mac hardware for at least a few years longer than it has been in recent years. If Apple had chosen to support the last generation of G4/G5 Macs with Snow Leopard, and the first-generation Intel Core Solo/Duo Macs with Lion, it would have added an additional two years onto the life cycle of each hardware platform. For many Apple customers, having to throw away their hardware and spend $1,000 or more on a new computer every 5 or 6 years (or risk being exposed to security exploits) is not a very reasonable solution," he added.

He also noted Apple's latest security update to counter the rogue security certificates recently issued by DigiNotar did not cover such Macs.

Apple's Security Update 2011-005 fixes the problem only on Mac OS X v10.6 "Snow Leopard" and Mac OS X v10.7 "Lion," both of which can only run on Intel-based Macs.

Since January 2006, Apple has transitioned from using the PowerPC to Intel processors.

"Until (last weekend), Apple had been releasing security updates for Mac OS X v10.5 Leopard, the final version of the Mac operating system that is compatible with G4 and G5 processors. Prior to Apple's transition to the Intel architecture in 2006, all Macs had been based on the IBM/Motorola PowerPC G4 and G5 processors," Long noted.

He said that while the machines bought in 2006 are still expected to run well, they have been cut them off from getting security updates from Apple.

"This poses a problem for some businesses and consumers who were not expecting to have to spend thousands of dollars on new hardware this year; note that the Xserve and Power Macintosh G5 in particular were high-end hardware and the most expensive models," he said.

Long said this may also impact on businesses that bought many Macs before the Intel transition, and even on schools with computer labs with iMacs purchased at the beginning of the 2005 school year.

On the other hand, he said Apple has a history of only releasing security updates for the most recent and one previous major release of its Mac OS X operating system - in this case, Lion and Snow Leopard, respectively.

Forced shift to Windows?

Long pointed out the cost of replacing all of the six-year-old computers at once may be particularly burdensome due to economic factors including budget cuts in education.

"If they cannot afford to buy that many new Macs this year, they may be forced to seek alternative solutions such as replacing their Macs with sub-$400 Windows PCs," he said.

Safari updates not enough

Long also said it is not enough to issue security updates for Apple's Safari browser and QuickTime media player to make Leopard and earlier OS X versions safe and secure.

"Since Apple is not releasing updates for the operating system itself, whenever new vulnerabilities are discovered that affect the core of Leopard, Apple will do nothing to help protect Leopard users from these vulnerabilities," he said.

Adobe Flash update problems

Long also warned users of Leopard on PowerPC-based Macs that Adobe stopped releasing Flash Player updates for PowerPC in February 2011.

He said this makes PowerPC Mac users vulnerable to Flash vulnerabilities that have been widely exploited in the wild.

Manual remedies

At least for now, Long said G4 and G5 users running Leopard can hold out on buying an Intel-based Mac for a bit longer if absolutely necessary, if they manually implement a few security tweaks.

He advised them to:

  1. manually delete the DigiNotar Root CA from their systems
  2. disable Java in all browsers
  3. uninstall Flash Player

"If Flash is absolutely necessary for a few trusted sites, users can install the insecure final version of Flash Player 10.1 ... and block Flash content by default using a browser add-on," he said.

Another alternative is to try using the latest release of Ubuntu Linux for PowerPC as an alternative to Leopard.

However, Long said those who try Ubuntu for PPC will likely be disappointed by the limited PowerPC support from third-party Linux software developers.

Microsoft to continue security for WinXP

Meanwhile, Long noted Microsoft will continue to offer security updates for Windows XP, the first version of which was released in 2001, until April 2014.

"At first glance, this makes Apple's dropping of support for 5-year-old computers look especially bad. However, Microsoft allowed PC manufacturers to sell Windows 7 PCs 'downgraded' to Windows XP (that is, with Windows XP preinstalled) as recently as October 2010, so users who bought Windows XP computers then will only receive updates for their installed operating system for a total of 3.5 years," he said.

He said the major difference is that unlike Mac users, Windows XP users will have the option to reformat their systems and install a newer version of Windows after the April 2014 deadline.

In contrast, PowerPC Mac users have no similar option because their hardware is no longer supported, not just their operating system.
Again, Apple could care less about looking bad.   Why would they stop support? If Mac security is so great, it should be easy and cost them very little.  I know. To force people who want their products bad enough to shell out even more cash.  Cha-ching Apple!


  1. You need more publicity fellas, I couldn't agree with you more, but the appleboys need to get such inform.
    You can be sure that they'll won't get a massages sent by Apple telling them: hey, we won't support your OS anymore, sod off!

  2. We need to open a nation wide law suit, Any good lawyers out there?????

  3. Well, there is this:

    Maybe you can start an American chapter.